Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Lepture
Lepture mistune |
|
| Vendors & Products |
Lepture
Lepture mistune |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and redirect same-page navigation, CSS selectors, or JavaScript handlers. This issue is fixed in version 3.3.0. | |
| Title | Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content | |
| Weaknesses | CWE-1284 CWE-345 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T13:54:33.627Z
Reserved: 2026-07-07T18:20:06.126Z
Link: CVE-2026-59930
Updated: 2026-07-09T13:54:15.055Z
No data.
OpenCVE Enrichment
Updated: 2026-07-16T21:30:06Z